diff -Nru iptables-persistent-1.0.4+nmu2ubuntu1/debian/changelog iptables-persistent-1.0.4+nmu2ubuntu2/debian/changelog
--- iptables-persistent-1.0.4+nmu2ubuntu1/debian/changelog 2019-03-21 17:21:31.000000000 -0300
+++ iptables-persistent-1.0.4+nmu2ubuntu2/debian/changelog 2021-12-10 10:51:47.000000000 -0300
@@ -1,3 +1,12 @@
+iptables-persistent (1.0.4+nmu2ubuntu2) bionic; urgency=medium
+
+ * Add configuration options IP[6]TABLES_RESTORE_NOFLUSH so that
+ existing rules are not flushed on start/load (LP: #1949643)
+ - debian/netfilter-persistent.default: Introduce options
+ - plugins/{15-ip4tables,25-ip6tables}: Check/apply options
+
+ -- Jorge Merlino Fri, 10 Dec 2021 10:51:47 -0300
+ iptables-persistent (1.0.4+nmu2ubuntu1) bionic; urgency=medium * plugins/{15-ip4tables,25-ip6tables}: Adjust plugins code to not hard-fail
diff -Nru iptables-persistent-1.0.4+nmu2ubuntu1/debian/netfilter-persistent.default iptables-persistent-1.0.4+nmu2ubuntu2/debian/netfilter-persistent.default
--- iptables-persistent-1.0.4+nmu2ubuntu1/debian/netfilter-persistent.default 2017-03-17 01:50:20.000000000 -0300
+++ iptables-persistent-1.0.4+nmu2ubuntu2/debian/netfilter-persistent.default 2021-12-10 10:51:47.000000000 -0300
@@ -2,3 +2,8 @@
 # Plugins may extend this file or have their own FLUSH_ON_STOP=0
+
+# Set to yes for not flushing existing ip[6]tables rules when netfilter-persistent
+# is called with the start parameter
+# IPTABLES_RESTORE_NOFLUSH=yes
+# IP6TABLES_RESTORE_NOFLUSH=yes
diff -Nru iptables-persistent-1.0.4+nmu2ubuntu1/plugins/15-ip4tables iptables-persistent-1.0.4+nmu2ubuntu2/plugins/15-ip4tables
--- iptables-persistent-1.0.4+nmu2ubuntu1/plugins/15-ip4tables 2019-03-21 17:21:31.000000000 -0300
+++ iptables-persistent-1.0.4+nmu2ubuntu2/plugins/15-ip4tables 2021-12-10 10:51:47.000000000 -0300
@@ -14,13 +14,24 @@
 rc=0
+# Source configuration
+if [ -f "/etc/default/netfilter-persistent" ]; then
+ . /etc/default/netfilter-persistent
+fi
+ load_rules() {
+ if [ "${IPTABLES_RESTORE_NOFLUSH}x" = "yesx" ]; then
+ NOFLUSH='--noflush'
+ else
+ NOFLUSH=''
+ fi
+ #load IPv4 rules if [ ! -f /etc/iptables/rules.v4 ]; then echo "Warning: skipping IPv4 (no rules to load)" else
- /sbin/iptables-restore < /etc/iptables/rules.v4 2> /dev/null
+ /sbin/iptables-restore $NOFLUSH < /etc/iptables/rules.v4 2> /dev/null
 if [ $? -ne 0 ]; then rc=1 fi
diff -Nru iptables-persistent-1.0.4+nmu2ubuntu1/plugins/25-ip6tables iptables-persistent-1.0.4+nmu2ubuntu2/plugins/25-ip6tables
--- iptables-persistent-1.0.4+nmu2ubuntu1/plugins/25-ip6tables 2019-03-21 17:21:31.000000000 -0300
+++ iptables-persistent-1.0.4+nmu2ubuntu2/plugins/25-ip6tables 2021-12-10 10:51:47.000000000 -0300
@@ -14,13 +14,24 @@
 rc=0
+# Source configuration
+if [ -f "/etc/default/netfilter-persistent" ]; then
+ . /etc/default/netfilter-persistent
+fi
+ load_rules() {
+ if [ "${IP6TABLES_RESTORE_NOFLUSH}x" = "yesx" ]; then
+ NOFLUSH='--noflush'
+ else
+ NOFLUSH=''
+ fi
+ #load IPv6 rules if [ ! -f /etc/iptables/rules.v6 ]; then echo "Warning: skipping IPv6 (no rules to load)" else
- /sbin/ip6tables-restore < /etc/iptables/rules.v6 2> /dev/null
+ /sbin/ip6tables-restore $NOFLUSH < /etc/iptables/rules.v6 2> /dev/null
 if [ $? -ne 0 ]; then rc=1 fi
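Review bot: In load_rules() of plugins/15-ip4tables (and identically in the plugins/25-ip6tables hunk that follows), passing `--noflush` means rules.v4 is merged into whatever ruleset is already loaded, so the effective firewall no longer matches the saved file and a repeated start or reload can add the same rules again; nothing in the change documents that consequence. I would add a comment above the new `if`, for example `# --noflush keeps existing rules: the restored rules are added to them, not substituted for them`, and mirror that sentence in the netfilter-persistent.default text. The pre-existing `2> /dev/null` also hides the restore command's diagnostics, which matters more once the result depends on prior state; dropping the redirection or printing a warning when `rc=1` is set would help operators notice a failed merge. As a smaller point, the `x` suffix in the test is unnecessary once the expansion is quoted: `if [ "${IPTABLES_RESTORE_NOFLUSH:-}" = "yes" ]; then`. The function body continues past the end of both hunks.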